diff --git a/perl-5.33.0-reentr.c-Prevent-infinite-looping.patch b/perl-5.33.0-reentr.c-Prevent-infinite-looping.patch new file mode 100644 index 0000000..a67c259 --- /dev/null +++ b/perl-5.33.0-reentr.c-Prevent-infinite-looping.patch @@ -0,0 +1,46 @@ +From 981fbfc16220a15e72457d8ece4e014988746946 Mon Sep 17 00:00:00 2001 +From: Karl Williamson +Date: Thu, 12 Mar 2020 12:48:47 -0600 +Subject: [PATCH] reentr.c: Prevent infinite looping +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This is an easy, though paranoid hedge to prevent something that should +never happen from causing an infinite loop if it were to happen. + +Signed-off-by: Petr Písař +--- + reentr.c | 2 +- + regen/reentr.pl | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/reentr.c b/reentr.c +index 8438c8f90f..2429aa2f5d 100644 +--- a/reentr.c ++++ b/reentr.c +@@ -36,7 +36,7 @@ + + #define RenewDouble(data_pointer, size_pointer, type) \ + STMT_START { \ +- const size_t size = *(size_pointer) * 2; \ ++ const size_t size = MAX(*(size_pointer), 1) * 2; \ + Renew((data_pointer), (size), type); \ + *(size_pointer) = size; \ + } STMT_END +diff --git a/regen/reentr.pl b/regen/reentr.pl +index 94721e9dec..ba2e1c8fa6 100644 +--- a/regen/reentr.pl ++++ b/regen/reentr.pl +@@ -818,7 +818,7 @@ print $c <<"EOF"; + + #define RenewDouble(data_pointer, size_pointer, type) \\ + STMT_START { \\ +- const size_t size = *(size_pointer) * 2; \\ ++ const size_t size = MAX(*(size_pointer), 1) * 2; \\ + Renew((data_pointer), (size), type); \\ + *(size_pointer) = size; \\ + } STMT_END +-- +2.25.4 + diff --git a/perl.spec b/perl.spec index 8e455d5..32abd41 100644 --- a/perl.spec +++ b/perl.spec @@ -197,6 +197,10 @@ Patch24: perl-5.33.0-Add-missing-MANIFEST-entry-from-fix-for-debugger.pat # in upstream after 5.33.0 Patch25: perl-5.33.0-reentr.c-Buffer-sizes-for-asctime_r-ctime_r-are-smal.patch +# Prevent from an integer overflow in RenewDouble() macro, +# in upstream after 5.33.0 +Patch26: perl-5.33.0-reentr.c-Prevent-infinite-looping.patch + # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048 Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch @@ -4208,6 +4212,7 @@ you're not running VMS, this module does nothing. %patch23 -p1 %patch24 -p1 %patch25 -p1 +%patch26 -p1 %patch200 -p1 %patch201 -p1 @@ -4240,6 +4245,7 @@ perl -x patchlevel.h \ 'Fedora Patch23: Fix running actions after stepping in a debugger (GH#17901)' \ 'Fedora Patch24: Fix running actions after stepping in a debugger (GH#17901)' \ 'Fedora Patch25: Fix a buffer size for asctime_r() and ctime_r() functions' \ + 'Fedora Patch26: Prevent from an integer overflow in RenewDouble() macro' \ 'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \ 'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \ %{nil} @@ -6967,6 +6973,7 @@ popd - Fix setting a non-blocking mode in IO::Socket::UNIX (GH#17787) - Fix running actions after stepping in a debugger (GH#17901) - Fix a buffer size for asctime_r() and ctime_r() functions +- Prevent from an integer overflow in RenewDouble() macro * Tue Jul 28 2020 Fedora Release Engineering - 4:5.32.0-458 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild